How to avoid security holes

Publication date: Tuesday, 05 October 2004

Vulnerabilities or security holes in the most widely used software are attracting more attention from both users and the media. The reason for this is that vulnerabilities have become a very effective means of propagation for many Internet threats.

Security holes are nothing new, but until computer networks appeared, they were not given much importance. They became the center of attention with the dawning of the Internet, as computers were no longer isolated but rather links in a long chain through which huge amounts of information were exchanged. This is when security holes really started to become important.

One of the first consequences was the appearance of viruses that exploited these flaws in order to spread rapidly, infecting thousands of computers. What’s more, depending on the vulnerability, viruses can also use them to run automatically on the computer or get in through a communications port, without needing to use typical means of propagation, such as floppy disks or email.

An example of a recent vulnerability exploit is Exploit/MS04-028, which affects the process of viewing JPEG files. This problem has been detected in many of Microsoft’s products, including Office XP, Office 2003 and Windows XP. When a user opens a JPEG image that has been specially crafted to exploit the vulnerability, a buffer overflow occurs that could allow malicious action to be taken on the computer, including stealing confidential information, sending out spam, opening backdoors or downloading and running files. For this reason, it is just a matter of time before threats exploiting this flaw appear.

This problem has recently become worse, as the time between a vulnerability being detected and the appearance of malicious code that exploits it has been reduced to just a few days.

But viruses are not the only ones that exploit security flaws to achieve their objectives. Hackers also use them to get into computers and steal all kinds of information, as do other threats like spyware or dialers, which can exploit vulnerabilities to install themselves on computers when users visit a web page.

How to protect against security holes

- The main way to keep a threat from affecting your computer through a software vulnerability is to stay informed about newly detected flaws and apply the patches needed to fix them. To do this you should subscribe to a security bulletin. A good example is Oxygen3 24h-365d, a free e-bulletin published by Panda Software every day, which gives up-to-the-minute information about the new vulnerabilities that have emerged. Similarly, you should also regularly visit the websites of the manufacturers of the software installed on your computer, where you will find all the patches needed to correct the security problems detected.
- Make sure you have an updated antivirus program installed. This will block many viruses that exploit software vulnerabilities in order to infect computers. An even more effective measure is to combine antivirus protection with a personal firewall to block viruses that use security holes to get into computers through unprotected communications ports.

About PandaLabs

On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.

For more information: Ignacio Ayerbe
Copyright © 2000 - 2005 eBCVG IT Security